It's Patch Day in the land of Cisco.The network routing and switching giant today released three security bulletins with patches for multiple vulnerabilities affecting the Cisco Voice Portal and the Secure Shell server (SSH) implementation in Cisco IOS.
Staying on top of the latest in software/hardware security research, vulnerabilities, threats and computer attacks.
Violet Blue is the author of The Smart Girl's Guide to Privacy. She contributes to ZDNet, CNET, CBS News, and SF Appeal.
Larry Seltzer has long been a recognized expert in technology, with a focus on mobile technology and security in recent years
Heads up to Mac OS X users: It appears Apple will be shipping high-priority security patches sometime today. (See important update at the end)According to a security alert from vulnerability research and pen testing firm Core Security, Apple is about to release patches for three remotely exploitable security vulnerabilities in iCal, the personal calendar application that ships on Mac OS X.
Rational, but unrealistic in today's threatscape. According to the Times :"Customers using their credit or debit cards online have been advised that high street banks are likely to become increasingly reluctant to help victims of internet fraud as new rules added to the Banking Code signal less willingness to cover losses.
I was over reading Russ McRee's blog today, and I've got to say, if McAfee's HackerSafe (or whatever they're calling it now) doesn't die off soon, then he'll be able to write a novel about their trials and tribulations.Apparently, McAfee authorized distributor Winferno.
Wow that was quick. No sooner did I get done posting my last article and I see on Wired the following story:Once again, supposedly sensitive information blacked out from a government report turns out to be visible by computer experts armed with the Ctrl+C keys — and that information turns out to be not very sensitive after all.
I've been terrible busy lately. Hopefully you all here haven't noticed, as I've been working hard to still keep my posts flowing, but I've just got time to catch up with several blogs that I read often.
In an attempt to mitigate the impact of the recent waves of SQL injection attacks, and provide more transparency into the approximate number of affected pages, the Shadowserver Foundation is starting to maintain a list of all the malicious domains used in the continuing efforts by copycats to inject as many legitimate sites as possible. Currently counting over fifty malicious domains, and the corresponding number of affected pages by them, the total number is just over 1.
Update 05/20/08: Sorry ladies and gents, I have to retract my previous entry. I had mentioned that 24 flaws were patched for Mozilla today, but what I didn't realize was that the announcement was specific to gentoo emerge packages and that this was actually fixed sometime ago.
The rise of pro-Kosovo web site defacement groups was marked in April, 2008, with a massive web site defacement spreading pro-Kosovo propaganda.
PayPal fixed an XSS vulnerability today that drew some attention. Harry Sintonen reported an XSS vulnerability in the "safe" area of the PayPal application.